ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportIIB V10 Kafka producer SSL issue

Post new topicReply to topic
IIB V10 Kafka producer SSL issue View previous topic :: View next topic
Author Message
IIBV10Newbie
PostPosted: Wed Jul 19, 2017 10:56 am Post subject: IIB V10 Kafka producer SSL issue Reply with quote

Newbie

Joined: 19 Jul 2017
Posts: 3

Hello Team,

I am trying to work with a SSL based kafka topic.
I have setup the properties on Kafka producer node and ran the below commands for setting up keystore and trustore where my kafka certificates are stored.

mqsichangeproperties TESTNODE_z0019z5 -o BrokerRegistry -n brokerKeystoreFile -v C:\Git\das_egiftcard_publisher-v1\keystores\keystore.jks
mqsichangeproperties TESTNODE_z0019z5 -o BrokerRegistry -n brokerTruststoreFile -v C:\Git\das_egiftcard_publisher-v1\keystores\trustore.jks
mqsisetdbparms TESTNODE_z0019z5 -n brokerKeystore::password -u temp -p changeit
mqsisetdbparms TESTNODE_z0019z5 -n brokerTruststore::password -u temp -p changeit

Restarted the node after these commands.

I can see error in event log after I publish

Failed to initialise Kafka output connector. Reason ''Failed to construct kafka producer''.

Initialising the Kafka output connector failed with reason ''Failed to construct kafka producer''. Possible causes are:
1) None of the Kafka servers defined in 'Bootstrap Servers' property can be contacted.
2) If using an SSL connection, the SSL configuration is incorrect.
3) If using SASL authentication, the credentials are incorrectly configured.
4) The Kafka client could not be loaded.

Verify the Kafka servers are available at tha addresses specified in the 'Bootstrap Servers' property. If connecting to Kafka using an SSL connection, verify the SSL configuration properties match those required by the Kafka server. If connecting to Kafka using an SSL connection and have configured a SSL truststore, verify the truststore contains certificates which can validate those provided by the Kafka server. Further information on the cause of the failure may be available by enabling more detailed logging from the Kafka client in the log4j properties file.


From these properties only thing I can think of is SSL properties. IS there some other command/step which is missing.
Back to top
View user's profile Send private message
IIBV10Newbie
PostPosted: Wed Jul 19, 2017 11:46 am Post subject: Reply with quote

Newbie

Joined: 19 Jul 2017
Posts: 3

Just an additional info.
Non SSL works and I am able to produce and consume
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Wed Jul 19, 2017 1:19 pm Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19299
Location: LI,NY

IIBV10Newbie wrote:
Just an additional info.
Non SSL works and I am able to produce and consume

How are you talking to Kafka. Are you using the broker wide listener or the eg wide listener?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
IIBV10Newbie
PostPosted: Thu Jul 20, 2017 4:33 am Post subject: Reply with quote

Newbie

Joined: 19 Jul 2017
Posts: 3

I didnt get you. I have deployed producer and consumer on same EG. Ran the commands above which i feel are broker wide.

Is there some specific setting which we need to do for SSL handshake between broker and kafka? For HTPS nodes we enable the ssl connector and use almost similar commands and I tried those and it works.

New to kafka nodes so I am kind of stuck. I tried same keystore and truststore in Camel code and it works fine. So creds are fine.

Only problem I see is something missing which we need to enable before making SSL connection to kafka.

Or some limitation in developers version of V10 as I downloaded that for kafka nodes POC only.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Jul 20, 2017 5:44 am Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17446

Start by seeing what Kafka is complaining about, and or logging.

It's useless doing anything with broker without knowing why Kafka won't let you connect.
_________________
Read, Think, Try, Repeat
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportIIB V10 Kafka producer SSL issue
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.